Spam Blackhole List Sued, Injunction Ordered

from the ah,-this-again dept

We've discussed multiple times in the past how some anti-spam blackhole lists seem to go too far in blacklisting sites without providing any recourse, leading to plenty of false positives -- however, does that mean they should be sued? We've seen spammers sue anti-spammers in the past, including the case in Texas where some spammers tried to pretend that because they complied with CAN SPAM it was illegal to block their spam, but the latest lawsuit is interesting, because the person in question (whether he can be called a spammer is apparently an open question) has convinced a judge to issue a temporary restraining order barring the blackhole list from including his IP. This seems pretty questionable. A blackhole list is just that: it's a list. What individuals or ISPs choose to do with that list is really up to them. It shouldn't be blamed on the list if people filter out those emails. We may complain that these blackhole lists do a poor job of responding to false positives, but really the problem is with those who rely too much on those lists, rather than the lists themselves. If the lists are doing a bad job, and blocking too many legit sites, than that news will get out, and the list will lose its usefulness.

No Subject Given

Blaming companies or people that use the lists instead of the people and companies that make that bad lists is misdirection (bullsh*t). The guilty party is the list maker not the list user. Put the blame where it belongs, on the people that make the bad lists, not the people that trust those people to make the lists.

What you are suggesting is that faulty products are the fault of the consumer not the maker. Yes, that is the idea meme that the makers want spread out there, but it is total and utter bull.

Re: No Subject Given

I have seen how these blacklists work. Our firm simply sent out confirmation emails from our server to people that filled out a form online and then our corporate email gets dumped in Yahoo, AOL and Google. That is plain wrong. We never remarketed the list, just sent them a thank you email. How many of us have also gotten email that mistakenly got dumped into our spam filter. When someone figures out the right way to authenticate, they're going to be google rich. But the list makers playing God and damaging one's abiltity to do business need to be held accountable.

Re: No Subject Given

Blaming companies or people that use the lists instead of the people and companies that make that bad lists is misdirection (bullsh*t). The guilty party is the list maker not the list user. Put the blame where it belongs, on the people that make the bad lists, not the people that trust those people to make the lists.

So it's illegal to make lists?

What you are suggesting is that faulty products are the fault of the consumer not the maker. Yes, that is the idea meme that the makers want spread out there, but it is total and utter bull.

No. That's not what I'm suggesting at all. I'm saying that the ISPs are *misusing* the lists.

If the consumer *misuses* the product, then how is it the maker's fault?

Re: No Subject Given

The real problem is the spammers. The worst (and the majority?) have few discernible priniciples or ethics. They care little for individuals who do not want their inbox cluttered with email that is not interesting nor desired.

Re: No Subject Given

Eventually bad lists may die if list users stop using them. But that's little comfort to somebody inappropriately blocked by a list right now, with no recourse. Such a person/organisation can't reasonably be expected to explain to every single user of a list that their inclusion is unfair; it is the list owner who has included them unfairly, and it can only practically be the list owner who can fix things.Of course all that hangs on the nature of unfair inclusion. It's hardly unreasonable not to take people saying that they are not spammers completely at face value. But it is unreasonable either to ignore them, or to assume that the list owner has the monopoly on accurate information. If the person who thinks they have been unfairly treated wants an independent view, that's perfectly understandable. Ideally that wouldn't involve the courts - but it's not clear that there is a real alternative.

Re: No Subject Given

Unfortunately this is a theoretical argument that doesn't have a lot of meaning in the real world. Given asymmetry of information in the market place; it takes time for RBLs with bad practices to get weeded out; by which time a lot of damage can be done.it is well known that many RBLs have shoddy practices around how they qualify and vet a complaint.there should be recourse to litigate and make sure RBLs clean up their act.your argument is as specious as saying Goodyear killed a bunch of people with their crappy tires but it's ok since over time people will switch to michelin and we'll be ok. we all know that the market can't take care of everything efficiently.

Spam

I think anyone should be able to create a list of sites to block if they so desire. They list creator might not even have a reason why they think the sites should be blocked. As another pointed out, it is up to those who use the list to verify the quality of the entries.

However, could it be slanderous/libleous to call a site a "Spam" site? Such an accusation could be damaging to the business potential of a site.

Re: No Subject Given

I agree. I also work for a non-for-profit organization, one of the black listing services black listed the entire Class-C from a cable provider of which we had 5 total IPs. It took SEVERAL weeks to even find any recourse and then several more for the cable comapny to work with the blacklisting service to release the 5 IPs we use for legitimate corporate e-mail.

No Subject Given

Spammers suing anti-spammers is simply ludicrous. I mean, think about it. The sharpened focal point these days, however, should be email accessed by mobile phones. Live software may be the future; mobile access is key though. Google's acquisition of Android is an evidence. Any enterprise that can take grip of this enormous, ripe market will be able to garner substantial profit. The emergence of cell phone jammers, however, pose more questions than many care to answer. For details, check out °²ÌØÒ×ÆÁ±ÎÆ÷.

Re: No Subject Given

Blackhole Lists

I hope that the lawsuit against the anonymous black hole lists brings about some sort of change in the system. Like just about any other community project, it started out with, and may still have, noble motives. But with no real control on the system it has gotten out of hand. Just read the posts from NANAE and you will see that the current system is broken.What should replace it? Not sure, obviously it will mean more work or more money spent to achieve similar results, but the system borders on net vigilanteism right now, so something should be done.

Re: Ah the joys of mass mailing.

Spammers should be punished harshly

Spammers do not realize the damage that they can cause. As an admin of a Hospital, I see queues delaying mail up to 3 hours. Some of those messages in the queue are needed to save lives. If someone were to die due to the spam influx, should a spammer be accussed of murder? Now ask yourself this question as a spammer, if it was your new born daughter, whould you do this?

We had someone spam us then threaten to sue

I work for a small non-profit. We got sent spammed from a "newsletter" that no one signed up to receive. I requested removal which didn't happen, so I reported this IP and domain to SPAMCOP, the California State Attorney General, and CC'd the spammer. He went ballistic and threatened litegation. I told him if that's what it took to get removed from his list, then sue away. All was quiet for about 4 months, then it started all over again. More threats of litegation on SPAMCOP and the non-profit. I told him I think discovery for this case would be interesting. I'd love to see this guy's server logs and database audit trails proving we opt-ed in as per California's Anti-SPAM laws. He removed us again and so far it's been quiet.

This is the first time I've heard someone convince a judge the blocklist needed to be TRO'd. SPAMCOP's IP addresses drop off after 48 hours if not further SPAM is detected. I hear SPAMHAUS isn't so fair about getting people off their list.

Re:

If the consumer is using the list the way it's inteded to be used, how is the consumer "misusing" the list?

Using the list to completely block out mail, rather than simply flag it is a misuse. The lists are intended to alert you to potential spam. ISPs that simply reject blackhole emails are misusing the list -- assuming that they're perfectly accurate when they're not. Flagging is better than outright rejection.

Either way, the lawsuit argument is ridiculous. No one has the right to email you. The end user has the right to decide whether or not they want to use a filter or not, and by choosing their ISPs that use filters, they're saying they want that -- and that they're willing to accept the occassional missed legitimate email.

Spamming so bad, calling someone a spammer wrongly

Some of these lists are run by cowards who like to be "powerful." They often put blocks of IPS on the list because of 1-2 incidents where a hosting provider or ISP didn't shut down their definition of a spammer, often nothing compared to the real offenders. And some of them have NO CONTACT info, just a loyal following of partially informed IT geeks looking to block real spam.

Sort of like saying "I saw Joe buying an adult movie, he must be a sex offender and so is everyone in his town because the cops didn't arrest him for it." Except they then just add thousands of homes to what people thought was a list of sex offenders and soon a town can't get jobs etc. Because their home address comes up on a sex offender list.

It is digital slandar in some cases, because there are no standards for why someone is on a list. And no way to get removed.

I think like domain names, ICANN needs to take the role of hosting any lists of bad IPs etc. Not anonymouse groups of geeks well meaning or power hungery that make up standards as they go.

Sue the list holder, and tell them clearly what is legal and not legal. That may be another solution.

Misuse of Product

I belive that most of these Black Lists advertise themselves as lists of known Spammers or ISPs that allow spamming, and the instructions are to ban all sites listed. I don't think you can make a case that someone is misusing a product, when they are just using it as advertised and instructed. Liability misuse is only pertenent when you use a product in a way not intended by the manufacturer. This is not the case with someone blocking URLs on a purchased Blacklist

No Subject Given

The people who maintian these black hole lists are the most irresponsible and ignorant people on the web. I hope they one tries to sue me for slander for that statement so I can prove it in a court of law. They punish many for the crimes of a few and then refuse to listen to reason. I've been there (punished for spam from a complete stranger in my IP block).

Go F yourselfs blackhole list morons. I hope to see you on the street one day. Sea Man Out!

Re: No Subject Given

"No. That's not what I'm suggesting at all. I'm saying that the ISPs are *misusing* the lists.

If the consumer *misuses* the product, then how is it the maker's fault?"

more bull. How is the user misusing the lists? The lists are incorrectly labeling someone as a spammer. Someone that takes the list at its word is "misusing " the list? Come on. You are just shifting the blame from the list maker to the list user.

The list maker is responsible for justifying his list. If it is a fake list then he should be held accountable. Just like any other product that is fake or broken or inaccurate.

Why defend these people, mike? They are clearly hurting innocent websites and are not helping in any way the fight against spam.

Re: No Subject Given

I'm not defending them. If you've read my past statement against many of the list makers, you'd see that I have serious problems with them.

However, as I've made very clear, I don't think just because they create a bad list they deserve to be sued.

My point about "misuse" is two-fold. First, the lists should be used for flagging, not blocking. Second, it's the ISPs responsibility to know about the lists they're using.

I could easily createa blackhole list that has every IP address on it. Should I be sued? Well, no one would ever use such an RBL because it would suck. The problem is that ISPs are believing these RBLs are accurate when they're not.

spam

If the lists are doing a bad job, and blocking too many legit sites, than that news will get out, and the list will lose its usefulness.

That "supply and demand" analogy doesnt really fit spam blacklists, though. Even though you might be inconvenienced by getting "sorb'd," are you really going to go to all the effort of switching ISP's for one or two sites? And even if you wanted to switch providers, odds are there isnt going to be much competition for you to switch to (if any). Where i am, Charter is the only game in town.

And if you pester your ISP to pester SORBS, theyll just ignore you. They could care less that 1% of their users cant access a couple sites. For them, its not worth the risk of accidentally unleashing more spam.

SORBS (et al) is an instance of well-meaning individuals just royally fucking things up... and then refusing to try and rectify the problem.

No Subject Given

Try This List, Mike

However, as I've made very clear, I don't think just because they create a bad list they deserve to be sued.

So, Mike, if your name somehow ended up on the Megan's Law list of sex offenders, you wouldn't think the list maker deserved to be sued?

I don't have any problem with spammer lists. However, like any provider of a product, they are responsible for the quality of that product (even if they don't charge for it). If their product does harm to an innocent party, they certainly should be held liable.

As for ISPs misusing the list, I've heard of plenty of people and companies getting sued and losing for somebody misusing a product. Why do you think an opaque cardboard sun shade has the warning "Do not drive with sun shade in your windshield"?

Re: Try This List, Mike

the fact remains that Mr Scoville IS a spammer (someone who sends UCE/UBE), DOES harass anti-spammers(see link below and his website), and hosts a website which arguably falls under the auspices of good samaritan blocking under 47USC230.47USC230:(2) Civil liability. No provider or user of an interactive computer service shall be held liable on account of--

(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or

(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).

Re: Try This List, Mike

So, Mike, if your name somehow ended up on the Megan's Law list of sex offenders, you wouldn't think the list maker deserved to be sued?

Whoa, talk about making the argument ridiculous. The sex offender list is a specific list with clear qualifications to get on it (be a convicted sex offender). Spam IP lists are nothing of the sort. Because spam is still very much in the eye of the beholder... er... receiver, it's perfectly reasonable to come up with all sorts of different lists without opening yourself up to lawsuits.

Re: Try This List, Mike

Here is a question for you. Was this list blocking a range of IP's or just 1 IP? Seems kind of an abuse of resources to block an entire range rather than just taking it up with the IP that is in question.

Re: spam black list

Re: Re:

>Using the list to completely block out mail, rather than simply flag it is a misuse. The lists are< br>>intended to alert you to potential spam. ISPs that simply reject blackhole emails are misusing>the list -- assuming that they're perfectly accurate when they're not. Flagging is better>than outright rejection.

No, flagging is NOT better. In fact it is far worse. Flagging leaves the mail in the receiver'sspam file, unseen, while a legitimate sender thinks it was delivered.Rejecting the mail causes legitimate mailers to bounce it back to the legitimate senders, so theycan know it didn't get delivered.Rejecting is far less harmful to legitimate sendersthan flagging.

Slander!?

It's only slander to a clueless judge. Check out how the lists portray themselves. Every list I've seen is quite clear about this.

Furthermore, lists are purely opt-in. Anyone using the list is aware of the risk of false positives. Anyone filtering has a right to filter on any basis he likes. Suing the list is like suing Microsoft or Apple or IBM for creating mail clients that allow filtering: it's incredibly stupid. The only (big!) difference is that Microsoft or Apple or IBM have more than enough resources to make sure the judge understands how stupid it is, while the blacklists don't. So they make easy targets for litigious senders of bulk e-mail.

Re: spam

AgreedAfter several weeks of trying to make SORBS understand the static IP address provided for us by BT are NOT dynamic (and BT insist they have asked for it to be delisted many times), I am at the end of my tether and contemplating a virtual Jihad againt these "people" (although I am not convinced they aren't some sort of AI gone mad!).Even though Friends Reunited is a top 10 internet brand and a company actively known for its non-spam policy, we are still being made to suffer for the bullishness of these anti-spammers. If you can't put the resources into the customer service side of the fight against spam (and believe me I hate it as much as the next email admin person) then you should not get involved because the negative impact of false positives is costing a lot of companies a lot of money, to say nothing of my grey hairs!I appreciate the effort guys but you need to be more professional when you mess with people's messaging systems...

overly enthusiastic unresponsive blacklists

The assertion that the list maker isn't responsible for someone's being blacklisted because they just make a list hanging out in space is quite hypocritical. The entire purpose of such lists is to blacklist people. Perhaps such lists are useful as recipes for apple pie, but I think they're used to blacklist people.

What exactly would be the point of a blacklist if the users of the list have to check everybody on the list?

SORBS

We use SBLXBL at the University I work for. SBL's are not perfect and it really is quite easy to get one's server on one or more SBL. It is also quite easy to get your server's off of a SBL, except when it comes to SORBS. Now I personally do not care if we stay on SORBS SBL forever, but some of my users do. We train medical personel, do research, and provide many critical resourses to the local community, state and the world, and some of those institution use SORBS. Why the hell would anyone use that SBL? SORBS is run by extortionists. Some of those unstitutions that use SORBS have real A-HOLES in their IT departments and make one jump through hoops to get them to White List your domain.

I don't care that SORBS has us listed, I do care that they will not communicate with you unless you pay them. F SORBS!

Re: SORBS

I have been on the SORBS DUHL list. They added a huge block of IP's from our ISP saying they were dynamic when in fact they were all static. Our ISP finally gave up as SORBS kept relisting the same block. Even Microsoft is using SORBS. We are a Microsoft Partner and could not even get white listed by them. It took me 18 days to finally get our IP on the exclusion list. I wonder how long that will last. My corporation would gladly join a class-action lawsuit against SORBS.

SORBS is rotten to the core

I have some IP's also added to SORBS DUHL list. They claim that the IPs are dynamic and have no rDNS. THis is obviously not true since I can go to dnsstuff.com and verify everything is true. SORBs is using faulty scanning to arbitrarily add people to their list. Then you can never get off. I have been trying for 1 month now. I will join a class-action against them.

Re: SORBS

We used SORBS as well for a while. But it quickly became appearant that they blocked multiple dutch ISP-mailservers. When a custommer of us complained about mail not arriving, I started investigating and found out that SORBS was giving a lot of false positives. We removed SORBS (and found similar experiences with SORBS on several newsgroups/forums) and since then we haven't had false positives.

I keep monitoring the mailserver in order to quickly detect when a blocklist is generating false positives. We block mail using 4 blocklists which we found (After research) to be reliable. I think all ISP's should monitor the blocklists they use. This simply because it are non-profit systems that block IP's that are in their opinion spam/exploit/virus-sources.

Blocklists aren't holy, they are maintained by humans. Every human has an opinion, and a blocklist reflects it's creator's opinion. Blocklists are usefull tools for reducing spam (and thus our bandwidth and other resources which aren't for free).

I feel a blocklist should not be sued for listing someone that in their opinion is a abusive host. Minor note about most blacklists I've come across: They all note they are not responsible for false positives, and if one disagrees, should not use the list.

The most famous "Do not use" list is BLARS. That's the only list our IP-range is on, because it was listed in a /16 netblock way before we got our own /24 netblock (in the range of the /16 block). BLARS never replied to a request, and BLARS asks a fee that is not financially acceptable for the small company I work for.

Spin from spammers!

Keep in mind that several of the comments here are from spammers trying to spin this, and their PR flunkies. Astroturfers, they are. When folks report listing errors like the ones mentioned here, when they provide enough info to determine the the details of what IPs were listed where for what, it's clear that the victims generally are not victims at all, but perpetrators. The claims about the SORBS DUHL, for example, are bogus. As for responsiveness, I've contacted SORBS a couple times (not about erroneous listings), and they have always responded promptly.

Spam Lists

Most spam blackhole lists have been very responsive, and answer emails quite promptly in my experience. The only blackhole list I've had problem with was SpamHaus from England. I received several emails from some person named John claiming to be the owner threatening me with bodily harm if I took actions against his company. After forwarding the email including full headers and mail server logs to the appropriate authorities my server was removed promptly from their list. Apparently I wound up on their list due to an arguement I had with this so called SpamHaus owner in a chat room on IRC.

As to the people that say the government should control these blacklists. Is our court system fair? Innocent until proven guilty yet you get taken to jail and stay there until proven innocent. Even if you are innocent our government will do everything it can to lock you up. Should our government be given absolute power over the internet? I think not.

Mike Cole

Jesus is a MYTH, you idiots!

There was NO Jesus.
There IS no Jesus.
There WILL BE NO Jesus.

It was a myth. He was married. He had a kid. He didn't get resurrected. He was a rebel of the time. What a cute idea: let's blame the Jews forever for the death of a Jew which was caused by the Italians!

And let's have 'pictures' of this supposed Jesus and guess what? He looks like a Brit! Not like a swarthy, hooknosed Jew like the ones you like to hate.

C'mon assholes, read your ancient myths: like Leda and the Swan. The god figure has sex with a human and a 'special' child is born. Lots of cultures have the same myth. And you then kill and kill and kill Jesus' own people for 2000 years.

Re: Blackhole Lists

Sorbs helps big corporations.

We are a small company competing against two of the biggest corporations on the internet, Amazon and Ebay. We try to send newsletters to our users and then always blacklisted by Sorbs despite following all required and generally accepted protocols and standards.
Whether they intend to be doing so or not, I can not say, Sorbs is assisting the big corporations stifle competition. If there is anyone else out there in the same situation we find ourselves in, or if you have been in this situation, please contact me at roger@gemm.com to inform me of whatever you have done successfully or to join together to seek some sort of legal remedy.
Also, I would be interested in receiving contact from any journalists who would find this worth shedding light on. I believe Google/Bing search results are also designed, possibly purposefully, to favor big corporations over struggling competitors. Let's join together and do something about it. -Roger Raffee